Re: Infection messages?

| Yes, I'm aware of how .ini files have been used going back through Win3.x.

| I'm also aware of how wininit.ini is just a hangover and there are other,
| preferred methods of doing the same thing. According to the aumha article
| however, even though it is not the preferred method, Win XP will execute
| the instructions in a wininit.ini file if one is found.

| And this is where my original question comes in. Just where in the boot
| process does wininit.ini get processed? Since the aumha article points out
| that:

| a) "WININIT.INI is used to complete Windows and program installation steps
| that cannot be completed while Windows is running"

| b) "During the boot process, Windows checks to see if there is a
| WININIT.INI file and, if it finds one, executes its instructions."

| c) and specifies that Windows XP will execute such a file, if it exists
| (assumedly to maintain backwards compatibility)

| I was just curious if anyone happened to know where in the boot process
| that execution was performed. Whether it was before or after the logon
| process.

Rick, I think you have a good point in that if the WININIT.INI file is found by the OS it
will do a file move/delete function "before the logon screen" which is 100% relevant to
Robin's problem.

However, this is a silent function. No screen displays and certainly not "INFECTION:...".

Since you know this INI file and its directives, maybe you could create a test and see
what it does.
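As an added example (not part of any post in this thread): a small Python audit that lists the file operations a WININIT.INI would request at the next boot. It assumes the Win9x-era layout, a `[rename]` section of `destination=source` lines in which a destination of `NUL` means delete; the function names and the sample content are constructed for illustration.

```python
import os

# Constructed sample content; a real file would live in the Windows directory.
SAMPLE = """\
; constructed sample, not taken from the thread
[rename]
NUL=C:\\WINDOWS\\TEMP\\old.dll
C:\\WINDOWS\\SYSTEM\\new.dll=C:\\WINDOWS\\TEMP\\new.tmp
NUL=C:\\PROGRA~1\\EXAMPLE\\leftover.exe

[other]
ignored=value
"""


def pending_operations(text):
    """Return (action, source, destination) tuples from the [rename] section.

    configparser is avoided because the NUL key normally repeats.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if dest.upper() == "NUL":
            ops.append(("delete", src, None))
        else:
            ops.append(("rename", src, dest))
    return ops


def load_wininit(path=None):
    """Read WININIT.INI if present; return None when the file does not exist."""
    windir = os.environ.get("WINDIR", r"C:\WINDOWS")
    path = path or os.path.join(windir, "WININIT.INI")
    if not os.path.isfile(path):
        return None
    with open(path, "r", encoding="latin-1") as handle:
        return handle.read()


if __name__ == "__main__":
    text = load_wininit() or SAMPLE  # fall back to the constructed sample
    for action, src, dest in pending_operations(text):
        print(f"{action:7} {src} -> {dest or '(removed)'}")
```

An unexpected entry in the output, especially a rename that replaces a system file, is the thing to look at before the next reboot.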

John, Andy, thanks for the suggestions. I have checked autoruns. In
fact, A-squared contains a very useful feature called Hijackfree which
gives detailed information on what's present in 5 categories:
processes, ports, autoruns, services and others. I don't see anything
amiss. PCButts emailed me to make the sensible suggestion of checking
the runonce registry entries. They're empty. The weird thing is
where the message is coming from, since no executable on my system
disk contains the string "infection".

Dl and install a free anti-virus program like Avira AntiVir and install it.
Disable or uninstall your present anti-virus program (A-squared)
Uninstall your anti-malware programs and install the free version of
MalwareBytes AntiMalware.
Use it to scan frequently.
See if you have the same problem. If not, install each of the programs you
uninstalled or disabled one at a time to see if you can find out which one
causes the problem.
I don't think you ever said you installed and ran the free version of MBAM
(MalwareBytes Anti-Malware) and the free version of SAS (SuperAntiSpyware).
If you didn't (this is a damn long thread) please do it.
Buffalo

Right you are. Sorry.
I now realize that Robin uses Kaspersky.
Ok, Robin, disable or uninstall Kaspersky and use the free version of Avira
AntiVir temporarily.
Since even Lipman can't nail it, please post back on what program is causing
the message.
Thanks,
Buffalo

| Right you are. Sorry.
| I now realize that Robin uses Kaspersky.
| Ok, Robin, disable or uninstall Kaspersky and use the free version of Avira
| AntiVir temporarily.
| Since even Lipman can't nail it, please post back on what program is causing
| the message.
| Thanks,
| Buffalo

Robin has already indicated NUMEROUS anti malware scans have been performed with nothing
being found.

We do NOT know what security program is generating this message. That is the problem.

That is why I recommended that he disable or uninstall his anti-virus and
anti-malware programs and install Avira AntiVir and free MBAM and hopefully
the free SAS. (I don't think he ever said that he tried them both.)
If the above doesn't change things, then that would indicate a different
security program causing the problem.
Buffalo

Just to save you reading back in the thread, I have SAS Pro, which is
not free, and MBAM, which is. I also run ActiveScan 2, which was
recommended, together with Kaspersky, by AumHa. I don't intend to
go through the process of uninstalling Kaspersky.

OK, missed that point. If you disable Kaspersky and just use the free Avira
AntiVir and no message comes up, perhaps it is Kaspersky doing it.
Doesn't really seem like it's worth the trouble overall.
Buffalo
PS: If you ever find out what it is, please post back.

I certainly will.

I'm running Avira now.

And it found nothing.

Perhaps just let Avira run for several days while Kaspersky is disabled, if
you wish.
Buffalo

I don't think it'll find anything.
There appears to be no rhyme or reason behind these messages. For
example, when I rebooted last night, there were hundreds of these
messages, in bunches. I can't tell how many are in a bunch, maybe 32
or 64. A bunch scrolls for about five seconds, there's a two second
gap, then another bunch scrolls, and so on. Last night there were four
of these bunches, plus half a screen of bunch five. Tonight when I
booted there were just two of these messages (not two bunches). I
booted again and there were none. I've found this behaviour before.
These messages seem to come and go.

I just again checked the contents of all files on c: and d:, and the
registry, for the string "infection", without finding anything
associated in any way with an executable. Weird.

I was just suggesting that possibly Kaspersky could be the culprit and
disabling it and only running Avira to see if the messages stop.
However, I really doubt Kaspersky would react that way.
We know 'something' is generating the messages and hopefully there is
someone in this ng that would have a good suggestion for a program that
could monitor all the startups.
Buffalo
PS: It will be interesting to see what caused it.
And, do you have more than one (1) antivirus program running in real time,
such as Windows Defender?

Just another piece of data. I just logged on as "administrator" (with
several screens full of these infection messages) to see if, when I
rebooted, I might have some "administrator\cookies\index.dat"
messages.
When I rebooted back as myself all the infection messages had
vanished. But this has happened before on reboot.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

Actually Robin you do have Mail Washer Pro installed unless you've
uninstalled it in the past few days. It shows up in your log file.
